getsebool - Man Page

• Show the current setting of a boolean: getsebool httpd_can_connect_ftp
• Show the current setting of [a]ll booleans: getsebool -a
• Show the current setting of all booleans with explanations: sudo semanage boolean -l|--list

tldr.sh

getsebool [-a] [boolean]

getsebool reports whether a particular SELinux boolean, or all SELinux booleans, are on or off. In certain situations a boolean can be in one state with a pending change to the other state. getsebool will report this as a pending change. The pending value indicates the value that will be applied upon the next boolean commit.

The setting of boolean values occurs in two stages; first the pending value is changed, then the booleans are committed, causing their active values to become their pending values. This allows a group of booleans to be changed in a single transaction, by setting all of their pending values as desired and then committing once.

-a

Show all SELinux booleans.

Show current state of httpd_can_connect_ftp
# getsebool httpd_can_connect_ftp

This manual page was written by Dan Walsh <dwalsh@redhat.com>. The program was written by Tresys Technology.

selinux(8), setsebool(8), booleans(8)

booleans(8), security_load_booleans(3), semanage-boolean(8), sepolicy-booleans(8), setsebool(8).